Kirk Ransomware
Part of the ransom note | |
---|---|
Classification | Ransomware |
Written in | Python[1] |
Kirk Ransomware, or Kirk,[2] is malware. It encrypts files on an infected computer and demands payment for decryption in the cryptocurrency Monero. The ransomware was first discovered in 2017 by Avast researcher Jakub Kroustek.[2][3]
Description
Kirk Ransomware is a trojan horse program that masquerades as Low Orbit Ion Cannon, an application used for stress testing and denial-of-service attacks.[1] Once activated, Kirk Ransomware searches the infected computer's hard drive for files with certain filename extensions, and encrypts and renames them, adding .kirked to the end of their filenames. When the encryption is finished, a window pops up, displaying an ASCII art image of Captain James T. Kirk and Spock from Star Trek: The Original Series, and informing the user that files have been "encrypted using military grade encryption." "SPOCK TO THE RESCUE!" the ransom note continues, and demands payment in order to receive a decryptor program named Spock.[4][5] The ransom demanded is initially 50 Monero (worth about $1,175 as of March 2017);[6] if not paid within 48 hours, the demand begins increasing, reaching 500 Monero after two weeks. If the ransom remains unpaid after 30 days, the decryption key is deleted, essentially rendering the encryption irreversible.[6] The ransom note includes a spurious quotation from Spock ("Logic, motherfucker"), and ends with "LIVE LONG AND PROSPER".[1]
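The .kirked suffix described above gives incident responders a simple way to scope the damage on a disk image or file share. The following Python sketch is an added example, not code from the malware or from any of the cited sources; the function name `triage`, the report fields, and the use of file modification times to bound the encryption window are assumptions made for illustration.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

SUFFIX = ".kirked"  # extension the article says is appended to encrypted files


def triage(root):
    """Summarise files under root that carry the .kirked suffix."""
    hits, by_ext, mtimes = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        present = set(files)
        for name in files:
            # Case-insensitive match; skip a file named exactly ".kirked".
            if not name.lower().endswith(SUFFIX) or len(name) == len(SUFFIX):
                continue
            original = name[:-len(SUFFIX)]
            path = os.path.join(dirpath, name)
            by_ext[os.path.splitext(original)[1].lower() or "(none)"] += 1
            mtimes.append(os.lstat(path).st_mtime)  # lstat: do not follow links
            hits.append({
                "path": path,
                "original_name": original,
                # True when an un-suffixed copy sits beside it (e.g. restored).
                "original_present": original in present,
            })
    window = None
    if mtimes:
        # Assumption: mtime reflects when the file was rewritten.
        window = tuple(datetime.fromtimestamp(t, timezone.utc)
                       for t in (min(mtimes), max(mtimes)))
    return {"count": len(hits), "by_extension": dict(by_ext),
            "mtime_window_utc": window, "files": hits}


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(report["count"], "files with", SUFFIX, report["by_extension"])
    if report["mtime_window_utc"]:
        first, last = report["mtime_window_utc"]
        print("modified between", first.isoformat(), "and", last.isoformat())
    for f in report["files"]:
        print(f["path"], "(original also present)" if f["original_present"] else "")
```

The report only inventories affected files; stripping the suffix does not decrypt their contents.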
Kirk Ransomware is the first known ransomware to demand payment in Monero; most other ransomware has demanded bitcoins.[7] Monero has significantly greater privacy protection than bitcoin, making transactions much more difficult to trace.[2][8]
A variant of Kirk Ransomware, named Lick Ransomware, was also discovered; it does not contain Star Trek references.[9]
References
1. "Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!". Bleepingcomputer.com. 2017-03-16. https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/.
2. Fields, Ziska (2018). Handbook of Research on Information and Cyber Security in the Fourth Industrial Revolution. IGI Global. p. 105. ISBN 978-1-5225-4764-8.
3. "Shameless crooks fling Star Trek-themed ransomware at world". The Register. 2017-03-17. https://www.theregister.co.uk/2017/03/17/star_trek_ransomware/.
4. Bremner, Bill (2017-03-24). "Spock will unlock Kirk ransomware – after you beam up a bunch of Monero". Sophos. https://nakedsecurity.sophos.com/2017/03/24/spock-will-unlock-kirk-ransomware-after-you-beam-up-a-bunch-of-monero/.
5. "Kirk ransomware sports Star Trek-themed decryptor and little-known crypto-currency". Grahamcluley.com. 2017-03-17. https://www.grahamcluley.com/kirk-ransomware-sports-star-trek-themed-decryptor-little-known-crypto-currency/.
6. Ms. Smith (2017-03-19). "Star Trek-themed Kirk ransomware discovered". CSO Online. https://www.csoonline.com/article/3182415/star-trek-themed-kirk-ransomware-has-spock-decryptor-demands-ransom-be-paid-in-monero.html.
7. "Kirk ransomware – A Star Trek Themed Ransomware that requests Monero payments". Cyber Defense Magazine. 2017-03-22. https://www.cyberdefensemagazine.com/kirk-ransomware-a-star-trek-themed-ransomware-that-requests-monero-payments/.
8. Hern, Alex (2017-12-11). "Missed the bitcoin boom? Five more baffling cryptocurrencies to blow your savings on". The Guardian. https://www.theguardian.com/technology/shortcuts/2017/dec/11/missed-bitcoin-boom-five-more-baffling-cryptocurrencies-to-blow-your-savings-on.
9. "The Week in Ransomware – March 17th 2017 – Revenge, PetrWrap, and Captain Kirk". Bleepingcomputer.com. 2017-03-18. https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2017-revenge-petrwrap-and-captain-kirk/.